#!/bin/bash
# Local para o executavel do IPTables
IPT=`which iptables`;
# Interface da rede INTERNA
IF_INTERNA="eth1";
# Interface da rede EXTERNA
IF_EXTERNA="eth0";
# Definição da rede interna
REDE_INTERNA="172.0.0.0/24"
$IPT -t filter -F
$IPT -t nat -F
$IPT -t mangle -F
$IPT -t filter -X
$IPT -t nat -X
$IPT -t mangle -X
$IPT -t filter -Z
$IPT -t nat -Z
$IPT -t mangle -Z
#ativa o roteamento dinamico
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/ip_dynaddr
# Muda a prioridade dos pacotes (Type Of Service) para agilizar as coisas
$IPT -t mangle -A OUTPUT -o $IF_EXTERNA -p tcp -m multiport --dports 22 -j TOS --set-tos 0x10
# Libera todo o trafego local
$IPT -t filter -A INPUT -i lo -j ACCEPT
$IPT -t filter -A INPUT -i $IF_INTERNA -j ACCEPT
$IPT -t filter -A FORWARD -i $IF_INTERNA -j ACCEPT
#Redirecionando porta para Proxy
$IPT -t nat -A PREROUTING -i $IF_INTERNA -p tcp --dport 80 -j REDIRECT --to-port 3128
#Libera SSH e WEB
$IPT -t filter -A INPUT -i $IF_EXTERNA -p tcp -m multiport --dports 22,8080 -j ACCEPT
#TeamSpeak
$IPT -t filter -A INPUT -i $IF_EXTERNA -p udp --dport 8767 -j ACCEPT
$IPT -t filter -A INPUT -i $IF_EXTERNA -p tcp --dport 51234 -j ACCEPT
$IPT -t filter -A INPUT -i $IF_EXTERNA -p tcp --dport 14534 -j ACCEPT
#Libera a conexao para a rede interna
$IPT -t nat -A POSTROUTING -s $REDE_INTERNA -j MASQUERADE
# Cria um NAT para emule
$IPT -t nat -A PREROUTING -p tcp -d 0/0 --dport 4662 -j DNAT --to 172.0.0.2:4662
$IPT -t nat -A PREROUTING -p udp -d 0/0 --dport 4672 -j DNAT --to 172.0.0.2:4672
# Fecha o resto
$IPT -P INPUT BLOCK
$IPT -P FORWaRd BLOCK